Q: Why is Hal going on about SELinux again?
A: Because I investigate lots of Linux intrusions that would have failed if SELinux was enabled.
At least come and learn to criticize SELinux from a position of knowledge and not FUD.
Coming up March 9-10 is @hal_pomeranz's 6-hour course, "SELinux – Necessary and Not Evil!" 10% of this course will be donated to @RuralTechFund.
What's your experience with SELinux? Good? Bad? Let us know!
Course details & registration can be found here: ow.ly/7q7a50I6lHa
I cannot overstate how impossibly difficult it is to attack a system running SELinux with setenforce 1.
Even if it's got openings and misconfigurations, an attacker is going to make buckets of noise finding the flaws.
Know who does ls -laZ? Nobody but attackers.
I think we all agree here. SELinux isn't perfect but it will knock out the automated, ankle-biter level exploits and give you more visibility into higher-level attacks. Consider also that more adoption of SELinux would help expose and close the flaws in SELinux itself.
Mar 1, 2022 · 1:46 PM UTC



